Ber Wilson
Ber Wilson
  • Home
  • ABOUT US
    • ABOUT US
    • THE TEAM
  • What We Do
    • Master Plan Communities
    • Design Build Services
    • Workforce Housing
    • Renovations
    • Concrete Solutions
    • Commercial
    • Technology Solutions
    • Community Engagement
  • How it Works
    • How It Works
    • House Framing Kit
    • Home Financing
  • Knowledge Center
    • THE PREFAB REPORT | BLOG
  • Contact US
    • CONTACT US
    • SAFETY
    • PRIVACY POLICY
  • More
    • Home
    • ABOUT US
      • ABOUT US
      • THE TEAM
    • What We Do
      • Master Plan Communities
      • Design Build Services
      • Workforce Housing
      • Renovations
      • Concrete Solutions
      • Commercial
      • Technology Solutions
      • Community Engagement
    • How it Works
      • How It Works
      • House Framing Kit
      • Home Financing
    • Knowledge Center
      • THE PREFAB REPORT | BLOG
    • Contact US
      • CONTACT US
      • SAFETY
      • PRIVACY POLICY
  • Home
  • ABOUT US
    • ABOUT US
    • THE TEAM
  • What We Do
    • Master Plan Communities
    • Design Build Services
    • Workforce Housing
    • Renovations
    • Concrete Solutions
    • Commercial
    • Technology Solutions
    • Community Engagement
  • How it Works
    • How It Works
    • House Framing Kit
    • Home Financing
  • Knowledge Center
    • THE PREFAB REPORT | BLOG
  • Contact US
    • CONTACT US
    • SAFETY
    • PRIVACY POLICY

Privacy Policy

Ber Wilson Privacy Policy & CMMC Data Protection

CMMC Compliance Commitment

Ber Wilson is committed to protecting information in accordance with Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) 2.0 requirements. This Privacy Policy incorporates security controls aligned with NIST SP 800-171 to safeguard Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) handled in the course of our defense and federal contracting work.


CMMC Certification Status: Ber Wilson maintains CMMC Level 2 compliance for all systems processing, storing, or transmitting CUI and FCI.

  

Important Notice: System Usage and Monitoring

BY ACCESSING BER WILSON'S INFORMATION SYSTEMS, YOU ACKNOWLEDGE AND CONSENT TO THE FOLLOWING:

· Information system usage may be monitored and recorded, and is subject to audit by authorized personnel

· Unauthorized use of Ber Wilson's information systems is strictly prohibited

· Unauthorized use is subject to criminal and civil penalties under applicable federal law

· Use of the information system affirms your consent to monitoring and recording of all activities

· These systems contain Federal Contract Information (FCI) and/or Controlled Unclassified Information (CUI) subject to Department of Defense protection requirements

· Access to and use of these systems may be subject to additional requirements associated with specific types of CUI, including Export Controlled information and Defense-related technical data

  

Information We Collect

Ber Wilson may collect the following types of information:


Personal Information

· Name, email address, phone number, mailing address, and other contact details you provide via forms or inquiries

· Government-issued identification numbers (where required for federal contracts)

· Employee and contractor credential information


Project Information

· Details about your construction project or service requests

· Project specifications, budgets, and timelines

· Client and stakeholder information related to federal or public projects

· Subcontractor and supplier information


Federal Contract Information (FCI) and Controlled Unclassified Information (CUI)

· Any FCI or CUI created or received in connection with DoD contracts, including procurement documentation, technical specifications, and compliance records

· Security classification information as defined by applicable Classification Guides (SCGs)


Usage Data

· IP address, browser type, device information, pages visited, and time spent on the site (collected via cookies and analytics tools)

· System access logs and authentication records

· Security event data and audit logs


Communication Data

· Records of your correspondence with us

· Email and phone communication logs (encrypted where CUI is involved)

  

How We Use Your Information

Ber Wilson uses your information for the following purposes:

· To respond to inquiries and provide requested services

· To process estimates, quotes, or service requests

· To manage federal contracts and comply with DoD security requirements

· To maintain audit trails and security logs for CMMC compliance

· To improve our website, services, and customer experience

· To send updates, newsletters, or promotional materials (with your consent)

· To comply with legal obligations, including federal contracting requirements

· To detect, prevent, and investigate security incidents and unauthorized access

· To conduct vulnerability assessments and security testing (with appropriate authorization)

· To maintain compliance with NIST SP 800-171 and CMMC requirements

  

Encryption and Data Protection

Ber Wilson implements the following security measures aligned with CMMC Level 2 requirements:


Information Transmission Protection

· Secure Sockets Layer (SSL/TLS) encryption for all data transmitted over the internet (minimum TLS 1.2)

· Encrypted email gateways for communication containing CUI

· Multi-factor authentication for access to systems containing FCI or CUI

· Virtual private networks (VPNs) for secure remote access


Data Storage Protection

· Encrypted storage for all FCI and CUI at rest using NIST-approved encryption algorithms

· Secure database architecture with access controls and audit logging

· Regular encryption key management and rotation procedures

· Physical security controls for servers and storage devices


Access Control

· Role-based access control (RBAC) limiting data access to authorized personnel only

· Unique user identification for all system access

· Prohibition of shared accounts; emergency access procedures with audit logging

· Periodic access reviews and recertification by system owners

  

Cookies and Tracking Technologies

Ber Wilson uses cookies and similar technologies to:

· Enhance website functionality and user experience

· Analyze website traffic and usage patterns

· Remember your preferences for future visits

· Maintain secure sessions for authenticated users

· Track security-related information for CMMC compliance


Cookie Control: You can control cookies through your browser settings. However, disabling certain cookies may limit functionality on our website.

  

Information Sharing

Ber Wilson does not sell or rent your personal information. We may share your information with:


Trusted Third-Party Service Providers

· Web hosting providers (with signed Business Associate Agreements)

· Email delivery and communication services (with encryption requirements)

· Security monitoring and log management providers

· Cybersecurity and compliance assessment firms

· IT managed service providers supporting CMMC compliance


Government and Legal Requirements

· DoD agencies and contracting officers as required by contract terms

· Law enforcement if required by law or court order

· Government auditors conducting CMMC assessments or compliance reviews

· As necessary to protect our rights, privacy, safety, or property


Subcontractors and Supply Chain Partners

· Subcontractors and suppliers with appropriate CMMC certification and security agreements

· Only information necessary for contract performance is shared

· All third parties must execute security agreements ensuring CUI protection


Third-Party Security Requirements: All service providers and subcontractors handling CUI must maintain appropriate CMMC certification and comply with DoD security requirements.

  

Data Retention and Destruction

Ber Wilson maintains information according to:

· Federal Records Act requirements (as applicable)

· DoD contract retention schedules (minimum 3 years after contract completion)

· CMMC compliance documentation (maintained throughout certification validity)

· Audit logs and access records (minimum 1 year, longer if required by contract)

Information is securely destroyed using NIST-approved methods upon retention period completion, including:

· Cryptographic erasure

· Secure media overwriting

· Physical destruction with certificates of destruction

  

Incident Response and Breach Notification

Ber Wilson maintains a formal Incident Response Plan aligned with CMMC requirements:


Security Incident Reporting

· All security incidents involving CUI are reported to authorized government representatives per contract requirements

· Notification timeline: Within 30 days (or as specified in contract) of discovery of unauthorized access

· Forensic investigation and root cause analysis conducted by qualified security personnel

· Evidence preservation for DoD investigation and legal proceedings


Your Rights in Event of Breach

· You will be notified of any incident affecting your information

· Notification will include nature of incident, information affected, and protective measures taken

· DoD notification requirements are followed for government-related incidents

  

Third-Party Links

Our website may contain links to third-party sites. We are not responsible for the privacy practices or content of those sites. Review their privacy policies before providing personal information.

  

Children's Privacy

Ber Wilson's website is not directed to children under 13. We do not knowingly collect information from children under 13. If we become aware of such information, we will delete it promptly.

  

Your Rights and Choices

You have the right to:

· Request access to personal information we maintain about you

· Request correction of inaccurate information

· Request deletion of personal information (subject to legal and contractual retention requirements)

· Unsubscribe from marketing emails by following instructions in emails

· Opt out of non-essential cookies through browser settings

· File a complaint regarding our privacy practices


Limitations: CUI and information required for federal compliance cannot be deleted while under government contract or during required retention periods.

To exercise these rights, contact our Privacy Officer at the information below.

  

CMMC Compliance Documentation

Ber Wilson maintains comprehensive documentation supporting CMMC Level 2 compliance:

· System Security Plan (SSP) detailing security controls and implementation

· Policies and procedures aligned with NIST SP 800-171 requirements

· Risk assessments and vulnerability management documentation

· Security assessment reports and audit logs

· Third-party security agreements and vendor risk assessments

· Employee security awareness training records

· Incident response and breach notification procedures

Documentation is maintained in accordance with federal retention requirements and is available for review by authorized DoD personnel and CMMC assessors.

  

Changes to this Policy

Ber Wilson may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Changes will be posted on this page with the effective date. Continued use of our website constitutes your acceptance of updated terms.

  

Contact Us

For questions or concerns about this Privacy Policy, CMMC compliance, or our data protection practices, please contact:

Ber Wilson Privacy Officer

Ber Wilson LLC
Salt Lake City, Utah
Email: info@berwilson.com

Phone:385-436-5507

CMMC Compliance Inquiries:
CMMC Program Manager
Email: cmmc@berwilson.com

For DoD-related inquiries or incident reporting:
Contact your Contracting Officer or Contracting Officer's Representative (COR) as specified in your contract.

  

NIST SP 800-171 Compliance Reference

This Privacy Policy and Ber Wilson's security practices implement the following NIST SP 800-171 control families required for CMMC Level 2 certification:

· AC:Access Control

· AU:Audit and Accountability

· AT:Awareness and Training

· CM:Configuration Management

· IA:Identification and Authentication

· IR:Incident Response

· MA:Maintenance

· MP:Media Protection

· PE:Physical and Environmental Protection

· PL:Planning

· PS:Personnel Security

· RA:Risk Assessment

· CA:Security Assessment and Authorization

· SC:System and Communications Protection

· SI:System and Information Integrity

  

Effective Date: December 26, 2025
Last Updated: December 26, 2025
Next Review Date: December 26, 2026

© 2025 Ber Wilson LLC. All rights reserved.


Email:info@berwilson.com

BER WILSON

info@berwilson.com

385-436-5507

Copyright © 2025 Ber Wilson - All Rights Reserved.

Powered by

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

Accept